Daily NCSC-FI news followup 2021-04-26

Data breach at government agencies: China behind similar attacks, authority tight-lipped

www.is.fi/digitoday/tietoturva/art-2000007942369.html The attack carried out through a software vulnerability raises many questions, but answers are scarce.

Serial fraudsters suspected of exploiting OmaPosti and a taxi app to net tens of thousands of euros

www.is.fi/digitoday/tietoturva/art-2000007942423.html Two men who had been held in custody are suspected of aggravated data breach, a data protection offence and a total of 46 fraud offences in connection with the OmaPosti application.

Despite arrests in Spain, FluBot operations explode across Europe and Japan

therecord.media/despite-arrests-in-spain-flubot-operations-explode-across-europe-and-japan/ Cyber-security agencies in Germany and the UK warned the general public this month about a spike in SMS spam messages spreading the FluBot Android malware. New intelligence shared this week suggests that FluBot distributors have already expanded operations and have launched SMS spam campaigns targeting users in other countries, including Japan, Italy, Norway, Sweden, Finland, Denmark, Poland, and the Netherlands. also:


Russian Foreign Intelligence Service (SVR) Cyber Operations: Trends and Best Practices for Network Defenders – Alert (AA21-116A)

us-cert.cisa.gov/ncas/alerts/aa21-116a The FBI and DHS are providing information on the SVR’s cyber tools, targets, techniques, and capabilities to aid organizations in conducting their own investigations and securing their networks.


www.cisa.gov/publication/software-supply-chain-attacks This resource provides in-depth recommendations for software customers and vendors as well as key steps for prevention, mitigation and resilience of software supply chain attacks. PDF:


How Lahti got through a threatening cyberattack: “Things had already gone pretty badly wrong”

www.tivi.fi/uutiset/tv/8ffce8f3-e08a-40ca-9e61-b156c4e808e0 [SUBSCRIBERS ONLY]. The city of Lahti was the target of a cyberattack in June 2019. CIO Marko Monni now explains how the city got through the threatening situation and what the incident taught.

“Industrial-scale scams”: users of online service warned

www.tivi.fi/uutiset/teollisen-mittakaavan-huijauksia-verkkopalvelun-kayttajia-varoitetaan/eedd90c0-305c-466b-8994-d068fc6b8a90 Overly careless networking on LinkedIn can prove costly, authorities warn.

Crypto miners are killing free CI

layerci.com/blog/crypto-miners-are-killing-free-ci/ CI providers like GitLab, TravisCI, and Shippable are all worsening or shutting down their free tiers due to cryptocurrency mining attacks.

Quickpost: Decrypting Cobalt Strike Traffic

blog.didierstevens.com/2021/04/26/quickpost-decrypting-cobalt-strike-traffic/ I have been looking at several samples of Cobalt Strike beacons used in malware attacks. Although work is still ongoing, I already want to share my findings.

3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails

thehackernews.com/2021/04/32-billion-leaked-passwords-contain-15.html A staggering number of 3.28 billion passwords linked to 2.18 billion unique email addresses were exposed in what’s one of the largest data dumps of breached usernames and passwords. The findings come from an analysis of a massive 100GB data set called “COMB21” aka Compilation of Many Breaches that was published for free in an online cybercrime forum earlier this February by putting together data from multiple leaks in different companies and organizations that occurred over the years.

When AIs Start Hacking

www.schneier.com/blog/archives/2021/04/when-ais-start-hacking.html If you don’t have enough to worry about already, consider a world where AIs are hackers. Hacking is as old as humanity. We are creative problem solvers. We exploit loopholes, manipulate systems, and strive for more influence, power, and wealth. To date, hacking has exclusively been a human activity. Not for long. also:


11-13 year old girls most likely to be targeted by online predators

blog.malwarebytes.com/awareness/2021/04/11-13-year-old-girls-most-likely-to-be-targeted-by-online-predators/ The Internet Watch Foundation (IWF), a not-for-profit organization in England whose mission is “to eliminate child sexual abuse imagery online”, has recently released its analysis of online predator victimology and the nature of sexual abuse media that is currently prevalent online. The scope of the report covered the whole of 2020.

Nvidia Warns: Severe Security Bugs in GPU Driver, vGPU Software

threatpost.com/nvidia-security-bugs-gpu-vgpu/165597/ The gaming- and AI-friendly graphics accelerators can open the door to a range of cyberattacks.

New ICS Threat Activity Group: TALONITE

www.dragos.com/blog/industry-news/new-ics-threat-activity-group-talonite/ Dragos first disclosed four new threat activity groups targeting ICS/OT in the ICS Cybersecurity 2020 Year in Review report. In this blog post, we will provide more information on one of the new groups: TALONITE.

Strange change right after Trump left: now the Pentagon has shed light on the network mystery

www.tivi.fi/uutiset/tv/8cac6b49-c0bc-4976-8e25-df2894fe660c The change in control of millions of IP addresses puzzled professionals.

Minnesota University Apologizes for Contributing Malicious Code to the Linux Project

thehackernews.com/2021/04/minnesota-university-apologizes-for.html Researchers from the University of Minnesota apologized to the maintainers of Linux Kernel Project on Saturday for intentionally including vulnerabilities in the project’s code, which led to the school being banned from contributing to the open-source project in the future.
